Connecting the Dots to Drive Down Cyber Risk Together: The Superheroes Behind the Nation’s JCDC
Over the past several years, it has become increasingly clear that old models of public-private partnership are no longer sufficient to meet the scale and pace of the cyber threat. Last August, we created the Joint Cyber Defense Collaborative (JCDC) to fundamentally transform how we reduce cyber risk to our country: through continuous operational collaboration between trusted partners and by conducting rigorous planning to address the most significant threats before damaging intrusions occur.
By bringing together government partners like the FBI, NSA, and U.S. Cyber Command with private sector partners, we have developed a new platform to drive down risk to the nation at scale. Importantly, the success of this model over the past year is not CISA’s alone. The JCDC is unique precisely because it is a “Collaborative” not only in name and intention but in execution: the JCDC succeeds only through the co-equal contributions of each participating organization, which bring to bear singular capability, expertise, and innovation. With pride in the work done every day by the collective JCDC organization, I’m excited to highlight some of the efforts of the past year.
Log4Shell:
On December 10, 2021, CISA became aware of the Log4Shell vulnerability and, within hours, the JCDC leveraged their expertise and demonstrated true operational collaboration with helping CISA inform, understand, and manage the threat posed by Log4Shell and related vulnerabilities. To support this round-the-clock collaboration, CISA stood up a Slack channel to share intelligence in near-real time, established a platform to serve as the authoritative source on products impacted by the vulnerability, and took collective action to mitigate the severe risk of this vulnerability to the nation.
Any tangible results? The recently published Cyber Safety Review Board report noted that JCDC “facilitated the collection, organization, and consolidation of data to determine the impact of the vulnerability and support the development of comprehensive remediation” and that “the JCDC was an important catalyst for information sharing to address the threat.” In particular, JCDC members provided 17 threat analyses that informed CISA’s products, guidance, and analysis. Supported with JCDC input, CISA’s Apache Log4j Vulnerability Guidance webpage attracted more than 300,000 page views in its first three weeks.
Daxin malware:
In early February 2022 when Broadcom discovered Daxin, an extremely sophisticated piece of malware, they had difficulty connecting with targeted international government partners as they were not one of their customers. Through JCDC, CISA was made aware of the problem and quickly leveraged preexisting relationships with both the U.S. private sector and international partners on behalf of Broadcom.
The outcome? As enabled through JCDC, Broadcom was able to meet with the potential victims in foreign countries within 48 hours and assisted in the detection and remediation of their infected computers. The structure of JCDC enabled this positive outcome and will enable many more in the future.
Shields Up:
Having quickly built trust and collaborative relationships, JCDC developed a Russia-Ukraine Tensions Plan and then tested it in a tabletop exercise in February 2022. This plan enabled JCDC participants to assess and plan responses to potential malicious cyber activity related to Russia’s invasion of Ukraine, which could impact organizations both within and beyond the region.
Any payoff? CISA worked with JCDC members to establish the Shields Up campaign and an accompanying technical guidance webpage that benefited in significant part from information provided by JCDC partners. We also published a list of free cybersecurity tools and services that has proved particularly impactful for small businesses and other organizations that are target rich and resource poor. Perhaps most importantly, the JCDC established an “early warning system” to quickly identify and respond to evolving malicious cyber activity from Russian actors, which will retain enduring value as the threat continues to evolve.
Newest efforts:
A few months ago, CISA expanded JCDC to include industrial control systems (ICS) industry experts and welcomed new partners ranging from security vendors to integrators to distributors. Adding new expertise and insight to the overall ICS/operational technology (OT) effort, JCDC-ICS is building on the existing platform of JCDC to develop plans around the protection and defense of control systems; inform U.S. government guidance on ICS/OT cybersecurity; and contribute to real-time operational fusion across private and public partners in the ICS/OT space.
In another new endeavor, JCDC members are collaboratively supporting CISA’s ongoing defense of the nation’s election infrastructure for the 2022 midterm elections by providing valuable services, tools, and information to election officials. Through JCDC, this week CISA added another resource for our election security stakeholders — Protecting U.S. Elections: A CISA Cybersecurity Toolkit. This webpage is a compilation of free services and tools from the open-source community, private and public sector organizations, JCDC members, and CISA.
Conclusions? These new efforts show the flexibility and support of JCDC members to use their diverse and unique capabilities and expertise to reduce risk to the cyber ecosystem and to critical infrastructure.
If it is not evident in these few accomplishments, let me be clear—this JCDC journey and purpose is not CISA’s alone. Every participant in JCDC, federal government and private sector, continues to work hard, smart, and innovative toward common effort: identify cyber risks, connect the dots, and work together to drive down risks to our country. This platform has established the promise of a new model for public-private operational collaboration.
We have much work to do to fulfill that promise in the years to come: Bringing in more partners across sectors to scale our efforts, identifying and executing new cyber defense plans that address the most critical risks, and ensuring that insights gleaned from operational collaboration effectively flow to private sector and state, local, tribal, and territorial partners to maximize the breadth of our impact.
I look forward to JCDC’s second year knowing we will continue to mature and evolve this partnership model so we can achieve greater common situational awareness, information fusion, and analysis that equips public and private partners to take coordinated action and most effectively safeguard the functions and services upon which the American people depend every day.